Arischio Consulting

Case Studies

CLIENT A - Implementing an IT Risk Governance structure

CHALLENGE: Lack of oversight by senior management of its critical IT risks impacting the delivery of its shared services. Teams managing risks in silos resulting in the inability to achieve a holistic view of the key risks

Solution : Rolled out a phased implementation plan broken down into governance, processes and people. Conducted a gap analysis against the Group IT Risk Management Framework. A series of actions were identified and resources allocated based on priorities.

An IT Governance framework was designed based on industry standards i.e. COBIT and NIST.  A full review of all the risks were reviewed, quality checked and categorised in line with the IT Risk Framework. Each risk was assigned a risk owner and captured in the Risk Register. Once logged, the bottom up risks were aggregated into common thematic risks. A risk workshop was run with senior management to identify the top down IT risks. Combined with the bottom up thematic risks, an enterprise view of the key IT risks were formed and reported to the Board

Outcome:

  • An IT Governance structure put into place with an oversight forum chaired by the IT Director. The forum reviewed a monthly risk report that included the top 10 IT risks across the IT Shared Services.
  • A more comprehensive view of the top IT risks and its impact to the business was developed and supported by mitigating actions.
  • A monthly and quarterly IT Risk Report developed and provided to both the IT Director and to Group, tracking risks using KRIs and incident data.

CLIENT B - Develop a minimum viable target operating model

CHALLENGE: Lack of governance oversight of shared services by the Board. Strengthen governance in preparation for becoming a regulated entity.

Solution : A minimum viable plan was developed based on regulatory, financial and legal requirements of an intra group service company. Working closely against the standards of the Irish regulations, a gap analysis was conducted and a series of actions identified.  A working group was set up to support the delivery of the project . Worked closely with key stakeholders including Board members to ensure deliverables met their requirements. The success of this project was very much dependent on the commitment of senior management across the organization. 

Outcome:

  • A service governance framework was rolled out to ensure adequate oversight of service management both at strategic and operational level.
  • A more focused Board and Executive Committee agenda was developed that added value rather than a rubber-stamping exercise
  •  Worked closely with all the different functions to deliver the functional service catalogues that allowed top management to have a better understanding of its key services and the SLAs 
  • Implemented a new service performance monitoring and reporting process to track the SLAs and escalate issues on a timely manner
  • Set up an operational committee made up of senior representatives from each function to ensure the smooth operation of the organisation

CLIENT B - Develop a minimum viable target operating model

CHALLENGE: Lack of governance oversight of shared services by the Board. Strengthen governance in preparation for becoming a regulated entity.

Solution : A minimum viable plan was developed based on regulatory, financial and legal requirements of an intra group service company. Working closely against the standards of the Irish regulations, a gap analysis was conducted and a series of actions identified.  A working group was set up to support the delivery of the project . Worked closely with key stakeholders including Board members to ensure deliverables met their requirements. The success of this project was very much dependent on the commitment of senior management across the organization. 

Outcome:

  • A service governance framework was rolled out to ensure adequate oversight of service management both at strategic and operational level.
  • A more focused Board and Executive Committee agenda was developed that added value rather than a rubber-stamping exercise
  •  Worked closely with all the different functions to deliver the functional service catalogues that allowed top management to have a better understanding of its key services and the SLAs 
  • Implemented a new service performance monitoring and reporting process to track the SLAs and escalate issues on a timely manner
  • Set up an operational committee made up of senior representatives from each function to ensure the smooth operation of the organisation

CLIENT C - Rolling out a supply chain risk framework

CHALLENGE: Vendor risks were managed in silos, senior management had no adequate oversight of its key risks and impact on the organisation should a major supplier fails.

Solution : Working with the Group Risk Framework, a supply chain risk universe was created based on Level 1, 2 and 3 risk categories. A deep dive analysis of each risk logged in different risk registers belonging to Tier 1 to 3 suppliers was conducted.

Each of the supplier relationship managers responsible for their risk registers was given risk training and performed a data cleansing exercise to ensure the correct information had been captured.

Open risks were either accepted by the accountable executive or a mitigation plan was put in place. Once the risks had been reviewed, all the valid risks were migrated and the tool rolled out to the Supplier Relationship team for ongoing use.

A supply chain risk report was developed for senior management showing the key risks and mitigating actions.

Outcome:

  • A new supply chain risk universe was developed
    A new risk tool was rolled out to be used for storing and logging all supplier risks
  • A risk report was developed for senior management to review during the monthly meetings.